Check Point Research uncovers how spying on organizations, not to mention hundreds of thousands of private individuals, could well have been possible via an account takeover of commercial and consumer drones manufactured by the world's leading drone vendor, DJI.The research demonstrates how an attacker could gain full access to a drone user's account across each of DJI's account platforms and steal the following data:

• The drone's flight records and photos taken during a flight, if a DJI user had synced them with DJI's cloud servers • Information associated with a DJI user's account (e.g. user profile information, credit card details and more)• The drone's real time camera, microphone and map view• A live view of the drone pilot's camera and location, if a DJI user were using DJI's FlightHub flight management software.